
I've been looking into some SSD firmware as this seems to be a good place to start research. Samsung firmware is encoded by a rather silly method. I really wonder why they bothered. I have coded up a small Python script to decode Samsung firmware and the associated file that accompanies a firmware update. I am using Python 3.4.3.

For firmware update ISOs, you can strip out the relevant DSRD.enc update info file and, for example, "DXM06B0Q.enc" firmware files in a number of ways. Here are a few steps that work:

1. Right-click and choose extract using 7-zip.

2. Open the extracted folder, then navigate to the appropriate disk image that holds the firmware. It will be called something like "Bootable_2.88M.img". Depending on the ISO, if it is a DOS or Linux based boot, the files will be in various places, not hard to find. Interestingly there are also Mac trash files and deleted firmware, looks rather sloppy TBH.

3. Extract the files from this image. You can use WinHex to parse the image, probably even R-Studio or GetDataBack... or whatever. Many ways to do this.

4. Find the firmware files. DSRD.enc and DXM06B0Q.enc are examples.

5. Copy "samsung_ssd_decode.py" to the same folder and run it.

Attachment: dos.jpg

Here is a before and after screenshot, but the actual firmware file is probably WAY more interesting.

Attachment: dec.jpg

I have some other stuff I am working on, hopefully I can get something interesting to share out of it.

I think your solution is more elegant, but my solution is more general, since it allows the use of any array of XOR values and abandons the nibble division.

What about unpacking of firmware from previous drives like MLC SSD (VBM18C1Q, VBM19C1Q, VBM1AD1Q,...)?

By the way, question of dumb procedure recedes given firmware protection. Did you start research of checksums of microcode? You can see whatever, ranging from CRC16 to Elliptic Curve DSA (ECDSA). And firmware is protected by several control sums concurrently. Seems like Samsung developers don't like it if somebody modifies the firmware of their SSD. There is an idea that if they read this topic, then they will change the encryption algorithm.

Nice to see another way of doing it, thanks. I don't have any other firmware currently, so I am not sure how they are obfuscated.

Actually, I haven't really started looking at the firmware itself in great detail.

I was starting to look at the update mechanism itself and was attempting to reverse the flasher utility.

I never really got into reversing DOS 16-bit programs and certainly haven't much experience in DOS extenders. The usual tools puke at this and, to make it worse, the stubbed exe is also packed... As far as I know, there never has been any interest in anyone unpacking it. The firmware itself should be just a mixture of ARM and Thumb code and may or may not be worth looking at. Thanks for the checksum info!

Can you explain how you knew about this algorithm of microprogram unpacking? I have spent a lot of time on analysis of packed firmwares for XOR detection... I have seen the flasher, there is nothing interesting in it. It doesn't contain a tech key - only the 92h command and a few simple tests inside it. Firmware has a special block structure and consists of ARM and Thumb code. That's why, before you upload it into a disassembler, try to find which blocks are uploaded to SSD RAM and at which addresses. Also, please don't forget that the controller has three CPU cores.

Also, here are a couple of pieces of advice:

1. You chose the Samsung 840 series SSD - it's very complicated for research work. Better to use the 830 series.

2. All Samsung SSD drives have a COM port, but it is turned off in the main firmware.

3. Drives have a special mode for working under MASK ROM control.

4. Drives have a small number of technological commands.

5. On many drives you can disable senior memory banks for the purpose of repair. Actually, these SSDs are quite repairable. A much more complicated task is data recovery...

If you have some interesting information about the Samsung SSD, please write me a private message. In exchange I can tell you what I know about these drives or offer something more interesting for you.

I will preface this by saying I have mostly VBA coding experience and am just learning Python.

That said, I have a need to encode the *.enc file. I have been using the samsung_ssd_decode.py with great success. Now, I would like to make a change and encode to test a firmware package. While the code is straightforward, I'm having difficulty with the same process in reverse. Any help is appreciated.

Since I'm a new member, I tried to PM but the system said I needed more activity. So, I'm now being active.

I think you will find the Zheino CHN-25PATA01 range of drives likely to be the most hack-able, as they are specifically designed to be utilized in a wide range of industrial machinery. They respond to email and I think you would be able to communicate directly with the engineering group.

If you go through a checkout process and pay via PayPal, as a buyer you cannot lose. I know from the perspective of an eBay seller for 14 years, the buyer always wins and in some cases keeps the goods as well.

Edit: I just bought one off eBay Australia (Australian stock) @ $82 and I have no fear of losing money.

Sorry for my stupid question, but I can't find any .enc files. There are only four files in the ISO image: btdsk.img, isolinux.bin, isolinux.cfg, memdisc.

Not stupid at all. This stuff gets easier the more you play around with it.

After you extract files from the ISO, you will be left with a few files... You then have to further extract from one of these files.

You will notice btdsk.img is about 2,880 KB, and being the largest file you can be certain this one contains the firmware. So extract this file... with 7-zip, "extract here", then look in folder "btdsk\Samsung\DSRD\FW\DXT09B0Q" for example.

If you read numbers 2 and 3 where I explained it above, it should make sense.
